Skip to main content
GET
/
api
/
kyc
/
validations
/
{id}
/
media
Get KYC validation media
curl --request GET \
  --url http://api.gu1.ai/api/kyc/validations/{id}/media \
  --header 'Authorization: Bearer <token>'

​
Overview

After a session-based KYC validation finishes (for example approved), media references appear inside decision on GET /api/kyc/validations/:id (document images, portrait, liveness video, nested images, etc.). Current format: each reference is usually a kyc/... key (a path string). Download bytes with the media endpoint below and your API key. Older rows: some validations still have HTTPS URLs in decision (short-lived links from the verification flow). Use those URLs directly (for example in an <img> or a server-side fetch) while they remain valid. They are not passed to GET .../media?key= — that parameter is only for kyc/... keys. This page applies to full session KYC (global_gueno_validation_kyc). Face Match and ID Verification use other endpoints (see Face Match / ID Verification in the sidebar).
  • No data is deleted: existing API responses stay valid JSON; behaviour depends on what each string contains.
  • Keys (kyc/...): use GET /api/kyc/validations/:id/media with key URL-encoded. Access is scoped to your organization and that validation.
  • HTTPS strings: your app should treat them like normal temporary asset URLs until they expire. The API may replace them with kyc/... keys on a later sync with the provider (webhook or sync) when media ingest is enabled, as long as the hosted link can still be fetched.
  • If a link has already expired before migration, that field may stay as a dead URL until a new provider sync supplies fresh links (or ingest runs successfully). For maintenance, operators can use POST /api/kyc/validations/:id/backfill-didit-media (requires edit KYC permission) to attempt copying any remaining hosted media links still present in decision into stable keys—only useful while those links still work.

​
Request

​
Endpoint

GET https://api.gu1.ai/api/kyc/validations/{validationId}/media

​
Headers

  • Authorization: Bearer YOUR_API_KEY (required)

​
Query parameters

ParameterRequiredDescription
keyYesThe storage key string from decision. URL-encode the value (slashes become %2F).

​
Permissions

Your API key must be allowed to read KYC (kyc:read when the key uses granular permissions; otherwise the key follows the owner user’s role, with legacy fallback where applicable—same as GET /api/kyc/validations/:id).

​
Response

Raw file bytes. Content-Type reflects the asset (e.g. image/jpeg, video/webm).

​
Example

curl -sS -o portrait.jpg \
  -H "Authorization: Bearer YOUR_API_KEY" \
  "https://api.gu1.ai/api/kyc/validations/VALIDATION_UUID/media?key=kyc%2Fglobal_gueno_validation_kyc%2F..."
In application code, build the query with encodeURIComponent(key) so every / in the key is encoded.
The key query parameter alone is not a secret and does not replace authentication. Always send Authorization: Bearer; the API checks that the object key belongs to that validation and to your organization.